Comment 42 for bug 1430645

Reviewed: https://review.openstack.org/173361
Committed: https://git.openstack.org/cgit/openstack/swift/commit/?id=dd9d97458ea007024220a78dba8dd663e8b425d7
Submitter: Jenkins
Branch: master

commit dd9d97458ea007024220a78dba8dd663e8b425d7
Author: John Dickinson <email address hidden>
Date: Fri Mar 20 10:17:25 2015 +0000

    Prevent unauthorized delete in versioned container

    An authenticated user can delete the most recent version of any
    versioned object who's name is known if the user has listing access
    to the x-versions-location container. Only Swift setups with
    allow_version setting are affected.

    This patch closes this bug, tracked as CVE-2015-1856

    Co-Authored-By: Clay Gerrard <email address hidden>
    Co-Authored-By: Christian Schwede <email address hidden>
    Co-Authored-By: Alistair Coles <email address hidden>

    Closes-Bug: 1430645
    Change-Id: Ibacc7413afe7cb6f77d92e5941dcfdf4768ffa18